I am trying to authenticate users from an external Idp to SharePoint Subscription Edition using OIDC protocol.

I have set up the SharePoint farm as per the article:

I have obtained the token from the Idp in exchange for the code. The token has multiple parts: access_token, token_type, expires_in and id_token (a signed JWT that contains basic attributes about the user, signed using the RS256 algorithm).

After obtaining the token, how do I authenticate to SharePoint?

I tried sending a request to a protected resource with a bearer token in the Authorization header. Do I use the access_token or the id_token as the bearer token? I have tried both and get 401 Unauthorized.

Any idea how to authenticate?

  • Tried passing access_token and id_token in the Authorization header
  • id_token was passed as a signed JWT. Should this be sent as a decoded JSON string?

Request:

// Assumes `token` holds the access_token or id_token obtained from the IdP,
// and `spRestrictedUrl` is a placeholder for the protected SharePoint URL.
using System.Net.Http;
using System.Net.Http.Headers;

HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
client.DefaultRequestHeaders.Add("X-FORMS_BASED_AUTH_ACCEPTED", "t");
client.DefaultRequestHeaders.Add("Accept", "application/json");
var response = client.GetAsync(spRestrictedUrl).Result;   // placeholder: SharePoint restricted URL
if (response.IsSuccessStatusCode)
{
    var responseContent = response.Content;
    string result = responseContent.ReadAsStringAsync().Result;
}

Response:

{StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  X-SharePointHealthScore: 0
  SPRequestGuid: 25b283a1-f8c2-2089-0000-00b23df91f68
  request-id: 25b283a1-f8c2-2089-0000-00b23df91f68
  X-FRAME-OPTIONS: SAMEORIGIN
  X-FRAME-OPTIONS: SAMEORIGIN
  Content-Security-Policy: frame-ancestors 'self' teams.microsoft *.teams.microsoft *.skype *.teams.microsoft.us local.teams.office *.powerapps *.yammer *.officeapps.live *.office *.stream.azure-test *.microsoftstream *.dynamics *.microsoft onedrive.live *.onedrive.live;
  Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
  SPRequestDuration: 430
  SPIisLatency: 11
  x-ms-suspended-features: features=""
  X-Content-Type-Options: nosniff
  X-MS-InvokeApp: 1; RequireReadOnly
  Strict-Transport-Security: max-age=31536000; includeSubdomains
  X-Xss-Protection: 1; mode=block
  Date: Fri, 21 Feb 2025 14:42:14 GMT
  Location: .aspx
  Server: 
  WWW-Authenticate: Bearer realm="888d6acb-3940-4a1e-92f9-9ce1b9ca8892",client_id="00000003-0000-0ff1-ce00-000000000000",trusted_issuers="00000003-0000-0ff1-ce00-000000000000@888d6acb-3940-4a1e-92f9-9ce1b9ca8892"
  Content-Length: 152
  Content-Type: text/html; charset=UTF-8
}}
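The WWW-Authenticate challenge in that 401 already names the realm, the client_id and the issuer that SharePoint's bearer handler trusts. As an added diagnostic (my example, not code from the question or from SharePoint), this Python script parses the challenge, decodes the id_token payload without verifying it, and reports where the token's iss, aud and exp claims fail to line up with the challenge; the sample id_token, its issuer and audience values are constructed, and `make_unsigned_jwt` only builds unsigned test tokens.

```python
import base64
import json
import re

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_jwt(claims: dict) -> str:
    """Build a compact JWT with a placeholder signature (constructed test data, not RS256-signed)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return ".".join([header, _b64url(json.dumps(claims).encode()), _b64url(b"placeholder-signature")])

def jwt_claims(token: str) -> dict:
    """Decode a compact JWT's payload WITHOUT verifying the signature; for diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))

def parse_bearer_challenge(header: str) -> dict:
    """Parse 'Bearer k="v",k2="v2"' into a dict; quoted values may contain commas."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge")
    pat = re.compile(r'\s*([\w-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,]*))\s*(?:,|$)')
    return {m.group(1).lower(): (m.group(2) if m.group(2) is not None else m.group(3).strip())
            for m in pat.finditer(params)}

def diagnose(challenge: str, token: str, now: int) -> list[str]:
    """List the ways `token` fails to match what the Bearer `challenge` says it will accept."""
    c, claims, issues = parse_bearer_challenge(challenge), jwt_claims(token), []
    trusted = {i.strip() for i in c.get("trusted_issuers", "").split(",") if i.strip()}
    if claims.get("iss") not in trusted:
        issues.append(f"iss {claims.get('iss')!r} not in trusted_issuers {sorted(trusted)}")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    # Loose check: a token minted for this resource names the challenge's client_id in its audience;
    # an OIDC id_token's aud is the relying party's own client id, so it will not match.
    if not any(c.get("client_id", "") in str(a) for a in auds):
        issues.append(f"aud {aud!r} does not name client_id {c.get('client_id')!r}")
    if "exp" in claims and claims["exp"] <= now:
        issues.append(f"token expired at {claims['exp']} (now {now})")
    return issues

# Constructed: the challenge from the 401 above, and an id_token as an external IdP might mint it.
CHALLENGE = ('Bearer realm="888d6acb-3940-4a1e-92f9-9ce1b9ca8892",'
             'client_id="00000003-0000-0ff1-ce00-000000000000",'
             'trusted_issuers="00000003-0000-0ff1-ce00-000000000000@888d6acb-3940-4a1e-92f9-9ce1b9ca8892"')
SAMPLE_ID_TOKEN = make_unsigned_jwt({"iss": "https://idp.example.test", "aud": "my-rp-client-id",
                                     "sub": "user1", "exp": 1740150000})
```

Run `diagnose(CHALLENGE, SAMPLE_ID_TOKEN, now=1740148934)` (the Date header of the 401 as a Unix time) to see the issuer and audience mismatches for the constructed token.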

Tags: openid connect, Programmatically authenticating SharePoint on-premises with OIDC protocol, Stack Overflow